`juju add-credential`


juju add-credential [options] <cloud name>


Adds a credential for a cloud to a local client and uploads it to a controller.

Global Options:

--debug  (= false)

Equivalent to --show-log --logging-config==DEBUG

-h, --help  (= false)

Show help on a command or other topic.

--logging-config (= "")

Specify log levels for modules

--quiet  (= false)

Show no informational output

--show-log  (= false)

If set, write the log file to stderr

--verbose  (= false)

Show more verbose output

Command Options:

-B, --no-browser-login  (= false)

Do not use web browser for authentication

-c, --controller (= "")

Controller to operate in

--client  (= false)

Client operation

-f, --file (= "")

The YAML file containing credentials to add

--local  (= false)

DEPRECATED (use --client): Local operation only; controller not affected

--region (= "")

Cloud region that credential is valid for

--replace  (= false)

DEPRECATED: Overwrite existing credential information


The juju add-credential command operates in two modes.

When called with only the argument, juju add-credential will take you through an interactive prompt to add a credential specific to the cloud provider.

Providing the -f <credentials.yaml> option switches to the non-interactive mode. <credentials.yaml> must be a path to a correctly formatted YAML-formatted file.

Sample yaml file shows four credentials being stored against three clouds:

        auth-type: access-key
        access-key: <key>
        secret-key: <key>
        auth-type: service-principal-secret
        application-id: <uuid>
        application-password: <password>
        subscription-id: <uuid>
        auth-type: interactive
        trust-password: <password>
        auth-type: interactive
        trust-password: <password>

The parameter of each credential is arbitrary, but must be unique within each . This allows each cloud to store multiple credentials.

The format for a credential is cloud-specific. Thus, it’s best to use add-credential command in an interactive mode. This will result in adding this new credential locally and / or uploading it to a controller in a correct format for the desired cloud.

The --replace option is required if credential information for the named cloud already exists locally. All such information will be overwritten. This option is DEPRECATED, use juju update-credential instead.


juju add-credential google
juju add-credential google --client
juju add-credential google -c mycontroller
juju add-credential aws -f ~/credentials.yaml -c mycontroller
juju add-credential aws -f ~/credentials.yaml
juju add-credential aws -f ~/credentials.yaml --client


If you are setting up Juju for the first time, consider running juju autoload-credentials. This may allow you to skip adding credentials manually.

This command does not set default regions nor default credentials for the cloud. The commands juju default-region and juju default-credential provide that functionality.

Use --controller option to upload a credential to a controller.

Use --client option to add a credential to the current client.

See also: